[nginx] SSL: removed the "ssl" directive.

Roman Arutyunyan arut at nginx.com
Thu Jun 8 12:53:59 UTC 2023


details:   https://hg.nginx.org/nginx/rev/0aaa09927703
branches:  
changeset: 9120:0aaa09927703
user:      Roman Arutyunyan <arut at nginx.com>
date:      Thu Jun 08 14:49:27 2023 +0400
description:
SSL: removed the "ssl" directive.

It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).

diffstat:

 src/http/modules/ngx_http_ssl_module.c |  78 +---------------------------------
 src/http/modules/ngx_http_ssl_module.h |   5 --
 src/http/ngx_http_request.c            |   8 +---
 src/mail/ngx_mail_handler.c            |   6 +-
 src/mail/ngx_mail_ssl_module.c         |  53 -----------------------
 src/mail/ngx_mail_ssl_module.h         |   1 -
 6 files changed, 5 insertions(+), 146 deletions(-)

diffs (312 lines):

diff -r 08ef02ad5c54 -r 0aaa09927703 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c	Tue May 16 16:30:08 2023 +0400
+++ b/src/http/modules/ngx_http_ssl_module.c	Thu Jun 08 14:49:27 2023 +0400
@@ -43,8 +43,6 @@ static char *ngx_http_ssl_merge_srv_conf
 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
     ngx_http_ssl_srv_conf_t *conf);
 
-static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
-    void *conf);
 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -90,24 +88,12 @@ static ngx_conf_enum_t  ngx_http_ssl_ocs
 };
 
 
-static ngx_conf_deprecated_t  ngx_http_ssl_deprecated = {
-    ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
 static ngx_conf_post_t  ngx_http_ssl_conf_command_post =
     { ngx_http_ssl_conf_command_check };
 
 
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
-    { ngx_string("ssl"),
-      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
-      ngx_http_ssl_enable,
-      NGX_HTTP_SRV_CONF_OFFSET,
-      offsetof(ngx_http_ssl_srv_conf_t, enable),
-      &ngx_http_ssl_deprecated },
-
     { ngx_string("ssl_certificate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
       ngx_conf_set_str_array_slot,
@@ -625,7 +611,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t 
      *     sscf->stapling_responder = { 0, NULL };
      */
 
-    sscf->enable = NGX_CONF_UNSET;
     sscf->prefer_server_ciphers = NGX_CONF_UNSET;
     sscf->early_data = NGX_CONF_UNSET;
     sscf->reject_handshake = NGX_CONF_UNSET;
@@ -657,17 +642,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 
     ngx_pool_cleanup_t  *cln;
 
-    if (conf->enable == NGX_CONF_UNSET) {
-        if (prev->enable == NGX_CONF_UNSET) {
-            conf->enable = 0;
-
-        } else {
-            conf->enable = prev->enable;
-            conf->file = prev->file;
-            conf->line = prev->line;
-        }
-    }
-
     ngx_conf_merge_value(conf->session_timeout,
                          prev->session_timeout, 300);
 
@@ -722,37 +696,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 
     conf->ssl.log = cf->log;
 
-    if (conf->enable) {
-
-        if (conf->certificates) {
-            if (conf->certificate_keys == NULL) {
-                ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
-                              "no \"ssl_certificate_key\" is defined for "
-                              "the \"ssl\" directive in %s:%ui",
-                              conf->file, conf->line);
-                return NGX_CONF_ERROR;
-            }
-
-            if (conf->certificate_keys->nelts < conf->certificates->nelts) {
-                ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
-                              "no \"ssl_certificate_key\" is defined "
-                              "for certificate \"%V\" and "
-                              "the \"ssl\" directive in %s:%ui",
-                              ((ngx_str_t *) conf->certificates->elts)
-                              + conf->certificates->nelts - 1,
-                              conf->file, conf->line);
-                return NGX_CONF_ERROR;
-            }
-
-        } else if (!conf->reject_handshake) {
-            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
-                          "no \"ssl_certificate\" is defined for "
-                          "the \"ssl\" directive in %s:%ui",
-                          conf->file, conf->line);
-            return NGX_CONF_ERROR;
-        }
-
-    } else if (conf->certificates) {
+    if (conf->certificates) {
 
         if (conf->certificate_keys == NULL
             || conf->certificate_keys->nelts < conf->certificates->nelts)
@@ -1039,26 +983,6 @@ found:
 
 
 static char *
-ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
-    ngx_http_ssl_srv_conf_t *sscf = conf;
-
-    char  *rv;
-
-    rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
-    if (rv != NGX_CONF_OK) {
-        return rv;
-    }
-
-    sscf->file = cf->conf_file->file.name.data;
-    sscf->line = cf->conf_file->line;
-
-    return NGX_CONF_OK;
-}
-
-
-static char *
 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
     ngx_http_ssl_srv_conf_t *sscf = conf;
diff -r 08ef02ad5c54 -r 0aaa09927703 src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h	Tue May 16 16:30:08 2023 +0400
+++ b/src/http/modules/ngx_http_ssl_module.h	Thu Jun 08 14:49:27 2023 +0400
@@ -15,8 +15,6 @@
 
 
 typedef struct {
-    ngx_flag_t                      enable;
-
     ngx_ssl_t                       ssl;
 
     ngx_flag_t                      prefer_server_ciphers;
@@ -64,9 +62,6 @@ typedef struct {
     ngx_flag_t                      stapling_verify;
     ngx_str_t                       stapling_file;
     ngx_str_t                       stapling_responder;
-
-    u_char                         *file;
-    ngx_uint_t                      line;
 } ngx_http_ssl_srv_conf_t;
 
 
diff -r 08ef02ad5c54 -r 0aaa09927703 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	Tue May 16 16:30:08 2023 +0400
+++ b/src/http/ngx_http_request.c	Thu Jun 08 14:49:27 2023 +0400
@@ -326,17 +326,11 @@ ngx_http_init_connection(ngx_connection_
 #endif
 
 #if (NGX_HTTP_SSL)
-    {
-    ngx_http_ssl_srv_conf_t  *sscf;
-
-    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
-    if (sscf->enable || hc->addr_conf->ssl) {
+    if (hc->addr_conf->ssl) {
         hc->ssl = 1;
         c->log->action = "SSL handshaking";
         rev->handler = ngx_http_ssl_handshake;
     }
-    }
 #endif
 
     if (hc->addr_conf->proxy_protocol) {
diff -r 08ef02ad5c54 -r 0aaa09927703 src/mail/ngx_mail_handler.c
--- a/src/mail/ngx_mail_handler.c	Tue May 16 16:30:08 2023 +0400
+++ b/src/mail/ngx_mail_handler.c	Thu Jun 08 14:49:27 2023 +0400
@@ -283,10 +283,10 @@ ngx_mail_init_session_handler(ngx_event_
 
     s = c->data;
 
-    sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+    if (s->ssl) {
+        c->log->action = "SSL handshaking";
 
-    if (sslcf->enable || s->ssl) {
-        c->log->action = "SSL handshaking";
+        sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
 
         ngx_mail_ssl_init_connection(&sslcf->ssl, c);
         return;
diff -r 08ef02ad5c54 -r 0aaa09927703 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c	Tue May 16 16:30:08 2023 +0400
+++ b/src/mail/ngx_mail_ssl_module.c	Thu Jun 08 14:49:27 2023 +0400
@@ -23,8 +23,6 @@ static int ngx_mail_ssl_alpn_select(ngx_
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 
-static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
-    void *conf);
 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
 static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -65,24 +63,12 @@ static ngx_conf_enum_t  ngx_mail_ssl_ver
 };
 
 
-static ngx_conf_deprecated_t  ngx_mail_ssl_deprecated = {
-    ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
 static ngx_conf_post_t  ngx_mail_ssl_conf_command_post =
     { ngx_mail_ssl_conf_command_check };
 
 
 static ngx_command_t  ngx_mail_ssl_commands[] = {
 
-    { ngx_string("ssl"),
-      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
-      ngx_mail_ssl_enable,
-      NGX_MAIL_SRV_CONF_OFFSET,
-      offsetof(ngx_mail_ssl_conf_t, enable),
-      &ngx_mail_ssl_deprecated },
-
     { ngx_string("starttls"),
       NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
       ngx_mail_ssl_starttls,
@@ -322,7 +308,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
      *     scf->shm_zone = NULL;
      */
 
-    scf->enable = NGX_CONF_UNSET;
     scf->starttls = NGX_CONF_UNSET_UINT;
     scf->certificates = NGX_CONF_UNSET_PTR;
     scf->certificate_keys = NGX_CONF_UNSET_PTR;
@@ -349,7 +334,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, 
     char                *mode;
     ngx_pool_cleanup_t  *cln;
 
-    ngx_conf_merge_value(conf->enable, prev->enable, 0);
     ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
                          NGX_MAIL_STARTTLS_OFF);
 
@@ -394,9 +378,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, 
     if (conf->listen) {
         mode = "listen ... ssl";
 
-    } else if (conf->enable) {
-        mode = "ssl";
-
     } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
         mode = "starttls";
 
@@ -546,34 +527,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, 
 
 
 static char *
-ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
-    ngx_mail_ssl_conf_t  *scf = conf;
-
-    char  *rv;
-
-    rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
-    if (rv != NGX_CONF_OK) {
-        return rv;
-    }
-
-    if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
-        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-                           "\"starttls\" directive conflicts with \"ssl on\"");
-        return NGX_CONF_ERROR;
-    }
-
-    if (!scf->listen) {
-        scf->file = cf->conf_file->file.name.data;
-        scf->line = cf->conf_file->line;
-    }
-
-    return NGX_CONF_OK;
-}
-
-
-static char *
 ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
     ngx_mail_ssl_conf_t  *scf = conf;
@@ -586,12 +539,6 @@ ngx_mail_ssl_starttls(ngx_conf_t *cf, ng
         return rv;
     }
 
-    if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
-        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-                           "\"ssl\" directive conflicts with \"starttls\"");
-        return NGX_CONF_ERROR;
-    }
-
     if (!scf->listen) {
         scf->file = cf->conf_file->file.name.data;
         scf->line = cf->conf_file->line;
diff -r 08ef02ad5c54 -r 0aaa09927703 src/mail/ngx_mail_ssl_module.h
--- a/src/mail/ngx_mail_ssl_module.h	Tue May 16 16:30:08 2023 +0400
+++ b/src/mail/ngx_mail_ssl_module.h	Thu Jun 08 14:49:27 2023 +0400
@@ -20,7 +20,6 @@
 
 
 typedef struct {
-    ngx_flag_t       enable;
     ngx_flag_t       prefer_server_ciphers;
 
     ngx_ssl_t        ssl;


More information about the nginx-devel mailing list